feat: Add loopback connection interception control#1304
Conversation
Summary: This commit introduces a new feature to allow users to control whether OpenSnitch intercepts loopback (localhost) connections. Key changes include: 1. Configuration Addition: - Added `InterceptLoopback` boolean field in the configuration. - Updated default config to include `InterceptLoopback: false`. 2. Core Logic Enhancements: - Introduced `isLoopback` helper function to check IP addresses. - Modified `Parse` method in `connection.go` to respect `interceptLoopback` flag. - Added logic in `NewConnection` and `NewConnection6` to skip loopback connections when interception is disabled. 3. UI and Client Updates: - Added `InterceptLoopback` checkbox in preferences dialog. - Updated client API with `InterceptLoopback()` method. - Adjusted packet handling in `main.go` to bypass loopback processing when needed. 4. Testing and Documentation: - Updated test configurations to include new setting. - Added UI tests for loopback interception preference. This change enhances network monitoring flexibility, allowing users to focus on external traffic while optionally ignoring local communications.
Author
|
Resolves #965 |
ghost
mentioned this pull request
added 2 commits
April 7, 2025 23:37
…t-in IsLoopback() method directly This commit removes the unnecessary `isLoopback` helper function since the net.IP type already provides an `IsLoopback()` method. The functionality remains the same but is now more concise and uses the standard library's built-in functionality instead of a custom implementation.
…dling This change replaces the `IsLoopback()` method calls with direct comparisons: - For IPv4 connections, it checks if the first byte of IP address is 127 - For IPv6 connections, it compares the string representation of IP addresses to the standard IPv6 loopback address These changes make the code more efficient by avoiding method calls and using simple value comparisons instead.
ghost
closed this
ghost
deleted the
This pull request was closed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary:
This commit introduces a new feature to allow users to control whether OpenSnitch intercepts loopback (localhost) connections. Key changes include:
Configuration Addition:
InterceptLoopbackboolean field in the configuration.InterceptLoopback: false.Core Logic Enhancements:
isLoopbackhelper function to check IP addresses.Parsemethod inconnection.goto respectinterceptLoopbackflag.NewConnectionandNewConnection6to skip loopback connections when interception is disabled.UI and Client Updates:
InterceptLoopbackcheckbox in preferences dialog.InterceptLoopback()method.main.goto bypass loopback processing when needed.Testing and Documentation:
This change enhances network monitoring flexibility, allowing users to focus on external traffic while optionally ignoring local communications.